
Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany.

More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies.

12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.

Associates most often use shadow IT devices to access social media (39%), followed by downloading apps (24%), games (13%), and films (7%). Hackers, organized crime and state-sponsored cybercrime organizations rely on social engineering hacks, phishing and malware injection across these four popular areas to gain access to enterprise networks and exfiltrate data.

Shadow personal IoT devices such as voice assistants, Amazon Kindles, smartphones, and tablets are proliferating across enterprise networks today, accelerated by the last-minute shopping everyone is trying to finish before the end of December. 82% of organizations have introduced security policies governing the use of these devices, but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled What is Lurking on Your Network: Exposing the threat of shadow devices (PDF, 7 pp., no opt-in).

Shadow IT’s Security Gaps Create New Opportunities For Hackers

Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on. The holidays create new opportunities for these organizations to capitalize on security gaps using social engineering hacks, phishing, malware injection and more. “With cybercriminals increasingly exploiting vulnerable devices, as well as targeting employees' insecure usage of these devices, it is crucial for enterprise IT teams to discover what's lurking on their networks and actively defend against the threats introduced,” Gary Cox, Technology Director, Western Europe for Infoblox said. Just a few of the many threats include the following:

A quick on-ramp for hackers to exfiltrate data from enterprise systems. Every personal device left unprotected on an enterprise network is an ideal entry point from which hackers and other malicious actors can infiltrate that network. The most common technique is DNS tunneling, which enables cybercriminals to insert malware or pass stolen information inside DNS queries, creating a covert communication channel that bypasses most firewalls. Project Sauron was one particularly advanced threat: it allegedly went undetected for five years at a number of organizations while using DNS tunneling for data exfiltration.

Distributed Denial of Service (DDoS) attacks are often launched from a series of hijacked connected devices, which are typically the least protected threat surface on corporate networks. It’s common for DDoS attacks to begin with malicious actors hijacking any vulnerable device they can to launch repeated and frequent queries that bombard the Domain Name Server (DNS) with the intent of slowing down its ability to process legitimate queries, often to the point that it can no longer function.
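The two DNS abuses just described, tunneling through encoded subdomain labels and query floods from hijacked devices, both leave traces in ordinary resolver query logs. The script below is an added example (not code from Infoblox or from this article) that screens a constructed log for both: per registered domain it measures how many unique, long, high-entropy labels were queried, and per client it measures the peak query rate inside a sliding window. The log format, thresholds and the `.invalid` domain names are assumptions chosen for the demonstration; the registered-domain extraction is deliberately naive and a real deployment would use the Public Suffix List.

```python
"""Screen a DNS query log for tunneling indicators per registered domain and
query floods per client. Added example with constructed log lines; it is not
Infoblox code or code from the article."""
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one query per line: "<ISO timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = "\n".join([
    "2019-12-18T09:00:00 10.0.5.21 A www.example.com",
    "2019-12-18T09:00:01 10.0.5.21 A cdn.example.com",
    # one client shipping 32-character hex blobs as subdomain labels over TXT
    "2019-12-18T09:00:02 10.0.5.44 TXT 6a7b8c9d0e1f2a3b4c5d6e7f8091a2b3.exfil-demo.invalid",
    "2019-12-18T09:00:02 10.0.5.44 TXT 4c5d6e7f8091a2b3c4d5e6f7a8b9c0d1.exfil-demo.invalid",
    "2019-12-18T09:00:03 10.0.5.44 TXT f0e1d2c3b4a5968778695a4b3c2d1e0f.exfil-demo.invalid",
    "2019-12-18T09:00:03 10.0.5.44 TXT 0123456789abcdef0123456789abcdef.exfil-demo.invalid",
    "2019-12-18T09:00:04 10.0.5.44 TXT deadbeefcafef00d1234567890abcdef.exfil-demo.invalid",
] + [
    # one client firing 60 queries within a single second (flood pattern)
    f"2019-12-18T09:00:05 10.0.9.7 A host{i}.victim-demo.invalid" for i in range(60)
])


def parse_log(log):
    """Yield (timestamp, client, qtype, qname) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        yield datetime.fromisoformat(ts), client, qtype.upper(), qname.lower().rstrip(".")


def registered_domain(qname):
    """Naive registered-domain extraction (last two labels); assumption for the demo."""
    return ".".join(qname.split(".")[-2:])


def shannon_entropy(text):
    """Bits of entropy per character; encoded or encrypted payloads score high."""
    counts = Counter(text)
    total = len(text)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def tunneling_indicators(log, min_queries=5, entropy_threshold=3.5, long_label=30):
    """Flag registered domains whose subdomain labels look like encoded payload:
    many unique, long, high-entropy labels. Returns {domain: indicators}."""
    per_domain = defaultdict(list)
    for _, _, qtype, qname in parse_log(log):
        per_domain[registered_domain(qname)].append((qtype, qname))
    flagged = {}
    for domain, records in per_domain.items():
        if len(records) < min_queries:
            continue
        unique = {q for _, q in records}
        labels = [q[: -len(domain) - 1] for q in unique if len(q) > len(domain) + 1]
        if not labels:
            continue
        mean_entropy = sum(shannon_entropy(l) for l in labels) / len(labels)
        long_fraction = sum(len(l) >= long_label for l in labels) / len(labels)
        txt_fraction = sum(t in ("TXT", "NULL") for t, _ in records) / len(records)
        if mean_entropy >= entropy_threshold and long_fraction >= 0.5:
            flagged[domain] = {
                "queries": len(records),
                "unique_ratio": round(len(unique) / len(records), 2),
                "mean_entropy": round(mean_entropy, 2),
                "long_label_fraction": round(long_fraction, 2),
                "txt_fraction": round(txt_fraction, 2),
            }
    return flagged


def query_floods(log, window=timedelta(seconds=1), max_queries=50):
    """Return {client: peak queries in any window} for clients exceeding max_queries."""
    per_client = defaultdict(list)
    for ts, client, _, _ in parse_log(log):
        per_client[client].append(ts)
    floods = {}
    for client, times in per_client.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_queries:
            floods[client] = peak
    return floods


if __name__ == "__main__":
    print("tunneling candidates:", tunneling_indicators(SAMPLE_LOG))
    print("query floods:", query_floods(SAMPLE_LOG))
```

The `victim-demo.invalid` flood is not reported as tunneling because its labels are short and low-entropy, and the `exfil-demo.invalid` client is not reported as a flood because it only sends five queries; the two detections are intentionally independent, since each abuse has a different signature in the same log.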

Creating and targeting Botnet armies using vulnerable IoT devices to attack organizations’ enterprise systems is increasing, according to Verizon’s latest 2019 Data Breach Investigations Report. “Botnets are truly a low-effort attack that knows no boundaries and brings attackers either direct revenue through financial account,” according to Verizon’s 2019 study. Botnets are also being used to steal privileged access credentials to enterprises’ systems that are being accessed from the same personal devices employees are using for social media access and shopping. There have been over 40,000 breaches initiated using botnets this year so far, according to Verizon. The report notes that a variant of the Mirai IoT botnet began scanning for vulnerable Drupal servers in April of this year and was successful in finding the most vulnerable systems globally to install cryptomining software. The attack is known as Drupalgeddon2, and the scope of its vulnerabilities is still being discovered today.

Chief Information Security Officers (CISOs) have told me that the most challenging aspect of securing the proliferation of shadow IT devices is protecting the multitude of remote locations that together form their distributed networks. They’re saying that in 2020, enabling network security is the greatest challenge their enterprises will face. More enterprises are adopting cloud-based DDI platforms that enable them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Vendors in this area include Infoblox, a leader in SD-WAN and cloud-based DDI platforms for enterprises. Here are the most common strategies CISOs are relying on to secure their distributed networks against the proliferation of personal devices:

Integrating threat intelligence data to evaluate whether specific sites and applications are high risk or not. IT administrators need to deploy solutions that allow them to build safeguards that will prevent potentially dangerous activity from occurring on the network. Integrating threat intelligence data into DNS management enables security teams to monitor and prevent access to Newly Observed Domains. Many new domains will be set up ahead of a phishing and/or spear phishing campaign, so by preventing access to these sites, organizations can reduce the risk of employees accidentally introducing malware by clicking through to insecure links on personal devices connected to the enterprise network.
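One concrete way to turn a Newly Observed Domains feed into a DNS-level control is to hold down every registered domain first seen within the last few days and publish those names as Response Policy Zone (RPZ) records, which BIND-style resolvers use to answer NXDOMAIN for a policy-matched name. The code below is an added example, not Infoblox's or the article's code; the feed contents, the seven-day hold-down window, the reference date and the `.invalid` domain names are constructed for the demonstration, and the two-label registered-domain rule is a simplifying assumption.

```python
"""Apply a Newly Observed Domains (NOD) hold-down to DNS queries and emit RPZ
policy records for the blocked names. Added example with a constructed feed;
it is not code from Infoblox or from the article."""
from datetime import date

# Constructed NOD feed: registered domain -> date it was first observed by the intel source
NOD_FEED = {
    "bank-login-verify.invalid": date(2019, 12, 16),
    "payroll-update-portal.invalid": date(2019, 12, 17),
    "example.com": date(1995, 8, 14),          # long-established entry for contrast
}
TODAY = date(2019, 12, 18)   # fixed reference date so the example is deterministic
HOLD_DOWN_DAYS = 7           # assumption: block domains younger than a week


def registered_domain(qname):
    """Naive registered-domain extraction (last two labels); assumption for the demo."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def nod_verdict(qname, feed=NOD_FEED, today=TODAY, max_age_days=HOLD_DOWN_DAYS):
    """Return 'block' for a domain inside the hold-down window, 'allow' for an
    established one, and 'unknown' when the feed has no record of the domain."""
    first_seen = feed.get(registered_domain(qname))
    if first_seen is None:
        return "unknown"
    age_days = (today - first_seen).days
    return "block" if age_days < max_age_days else "allow"


def build_rpz_records(feed=NOD_FEED, today=TODAY, max_age_days=HOLD_DOWN_DAYS):
    """Emit RPZ policy records that return NXDOMAIN (the 'CNAME .' action) for
    every feed domain still inside the hold-down window, plus its subdomains."""
    records = []
    for domain in sorted(feed):
        if (today - feed[domain]).days < max_age_days:
            records.append(f"{domain} CNAME .")
            records.append(f"*.{domain} CNAME .")
    return records


def screen_queries(qnames, **kwargs):
    """Classify a batch of queried names; returns {qname: verdict}."""
    return {q: nod_verdict(q, **kwargs) for q in qnames}


if __name__ == "__main__":
    sample = ["login.bank-login-verify.invalid", "www.example.com", "never-listed.invalid"]
    for name, verdict in screen_queries(sample).items():
        print(f"{verdict:8} {name}")
    print("\n".join(build_rpz_records()))
```

The `unknown` verdict is returned rather than silently allowing the query: whether a domain absent from every feed should be treated as newly observed is a policy decision for the security team, and keeping it distinct from `allow` lets that decision be logged and tuned separately.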

Set the goal of achieving full visibility across distributed networks by starting with a plan that considers cloud-based DDI platforms. CISOs and the IT teams working with them need to translate their policies into action by achieving more unified visibility by upgrading their core network services, including DNS, DHCP, and IP address management, on cloud-based DDI platforms to bring greater security scale and reliability across their enterprise networks.

Design in greater DNS security at the network level. Enterprise networks are heavily reliant on DNS, making them an area malicious actors attempt to disrupt in their broader efforts to exfiltrate valuable data from organizations. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats – leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks. When secured, the DNS can act as an organization’s first line of defense. The DNS can provide essential context and visibility, so IT teams can be alerted of any network anomalies, report on what devices are joining and leaving the network, and resolve problems faster.
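The visibility benefit described above, reporting which devices are joining and leaving the network, can be built from the DHCP lease data a DDI platform already holds. The script below is an added example and not code from Infoblox or from this article: it diffs two constructed lease snapshots to list devices that joined or left, and compares the current leases against a constructed inventory of endpoints that run the corporate security agent, so that unmanaged (shadow) devices stand out. The lease export format, MAC addresses and hostnames are all assumptions made for the demonstration.

```python
"""Report devices joining and leaving the network between two DHCP lease
snapshots, and list current leases that belong to unmanaged endpoints. Added
example with constructed lease data; not code from Infoblox or the article."""
from typing import Dict, List, NamedTuple, Set


class Lease(NamedTuple):
    mac: str
    ip: str
    hostname: str


# Constructed snapshots, "<mac> <ip> <hostname>" per line, as a DDI lease export might look
PREVIOUS_LEASES = """\
aa:bb:cc:00:00:01 10.0.5.21 LAPTOP-FIN-07
aa:bb:cc:00:00:02 10.0.5.22 LAPTOP-HR-03
aa:bb:cc:00:00:03 10.0.5.23 printer-2f
"""
CURRENT_LEASES = """\
aa:bb:cc:00:00:01 10.0.5.21 LAPTOP-FIN-07
aa:bb:cc:00:00:03 10.0.5.23 printer-2f
aa:bb:cc:00:00:09 10.0.5.44 Kindle-Ann
aa:bb:cc:00:00:0a 10.0.5.45 echo-kitchen
"""
# Constructed inventory: MACs of endpoints known to run the corporate security agent
MANAGED_MACS: Set[str] = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"}


def parse_leases(text: str) -> Dict[str, Lease]:
    """Parse a lease export into {mac: Lease}; MACs are normalised to lower case."""
    leases = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        mac, ip, hostname = line.split()
        leases[mac.lower()] = Lease(mac.lower(), ip, hostname)
    return leases


def lease_changes(previous: str, current: str):
    """Return (joined, left) as sorted lists of Lease, keyed on MAC address."""
    prev, cur = parse_leases(previous), parse_leases(current)
    joined = sorted(cur[m] for m in cur.keys() - prev.keys())
    left = sorted(prev[m] for m in prev.keys() - cur.keys())
    return joined, left


def unmanaged_devices(current: str, managed: Set[str] = MANAGED_MACS) -> List[Lease]:
    """Current leases whose MAC is not in the managed-endpoint inventory."""
    return sorted(lease for mac, lease in parse_leases(current).items() if mac not in managed)


def report(previous: str, current: str, managed: Set[str] = MANAGED_MACS) -> Dict[str, List[Lease]]:
    """Combine the join/leave diff with the shadow-device check into one report."""
    joined, left = lease_changes(previous, current)
    return {"joined": joined, "left": left, "unmanaged": unmanaged_devices(current, managed)}


if __name__ == "__main__":
    for section, leases in report(PREVIOUS_LEASES, CURRENT_LEASES).items():
        print(section.upper())
        for lease in leases:
            print(f"  {lease.mac}  {lease.ip:<12} {lease.hostname}")
```

Keying on MAC rather than IP matters because DHCP reassigns addresses; a device that reconnects on a new IP should not show up as both a departure and an arrival. Running the report on every lease refresh gives the "joining and leaving" feed the paragraph describes, and the `unmanaged` list is the starting point for finding personal devices that never had endpoint security enabled.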

Conclusion

Bring Your Own Device (BYOD) initiatives’ benefits far outweigh the costs, making the business case for BYOD overwhelmingly positive, as seen in how financial services firms stay secure. Enterprises need to consider adopting a cloud-based DDI platform approach that enables them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Many CISOs are beginning to realize the model of relying on centralized IT security isn’t scaling to support and protect the proliferation of user devices with internet access, leaving employees, branch offices, and corporate networks less secure than ever before. Every IT architect, IT Director, or CIO needs to consider how taking an SDWAN-based approach to network management reduces the risk of a breach and data exfiltration.

I am currently serving as Principal, IQMS, part of Dassault Systèmes. Previous positions include product management at Ingram Cloud, product marketing at iBASEt, Plex Systems, senior analyst at AMR Research (now Gartner), marketing and business development at Cincom Systems, Ingram Micro, a SaaS start-up and at hardware companies. I am also a member of the Enterprise Irregulars. My background includes marketing, product management, sales and industry analyst roles in the enterprise software and IT industries. My academic background includes an MBA from Pepperdine University and completion of the Strategic Marketing Management and Digital Marketing Programs at the Stanford University Graduate School of Business. I teach MBA courses in international business, global competitive strategies, international market research, and capstone courses in strategic planning and market research. I've taught at California State University, Fullerton: University of California, Irvine; Marymount University, and Webster University. You can reach me on Twitter at @LouisColumbus.